Avira, PWI and a probable False Positive
Chillum - Dreamweaver
Posts: 887 Arc User
Hello.
Updated my Avira anti virus software before a system scan last night and it came up with a few things:
[Coped from the log]
E:\PWi\v166_XP\PWI_v166_XP.part2.rar
[0] Archive type: RAR
--> install.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
E:\PWi\v166_XP\PWI Installation Files\install.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
E:\v166_XP\PWI_v166_XP.part2.rar
[0] Archive type: RAR
--> install.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
E:\v166_XP\PWI Installation Files\install.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
Begin scan in 'F:\' <Games>
F:\Perfect World International\uninstall.exe
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
I imagine this is a false positive as Avira has had previous with regards to that and PWI for me.
Just putting this out there for other people or PWI to let others know or confirm that it is a false positive.
Regards.
Edit: Have sent in a potential false positive report to Avira.
Updated my Avira anti virus software before a system scan last night and it came up with a few things:
[Coped from the log]
E:\PWi\v166_XP\PWI_v166_XP.part2.rar
[0] Archive type: RAR
--> install.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
E:\PWi\v166_XP\PWI Installation Files\install.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
E:\v166_XP\PWI_v166_XP.part2.rar
[0] Archive type: RAR
--> install.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
E:\v166_XP\PWI Installation Files\install.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
Begin scan in 'F:\' <Games>
F:\Perfect World International\uninstall.exe
[DETECTION] Is the TR/Obfuscated.JB.134 Trojan
I imagine this is a false positive as Avira has had previous with regards to that and PWI for me.
Just putting this out there for other people or PWI to let others know or confirm that it is a false positive.
Regards.
Edit: Have sent in a potential false positive report to Avira.
[SIGPIC][/SIGPIC]
Post edited by Chillum - Dreamweaver on
0
Comments
-
Update from Avira:
A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
25816512 install.exe 1.14 MB FALSE POSITIVE
Please find a detailed report concerning each individual sample below:
Filename Result
install.exe FALSE POSITIVE
The file 'install.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.
Haven't sent anything about the uninstall.exe as I think I might have accidentally deleted it.
b:surrender
Regards.[SIGPIC][/SIGPIC]0
Categories
- All Categories
- 182.1K PWI
- 685 Official Announcements
- 2 Rules of Conduct
- 264 Cabbage Patch Notes
- 61.2K General Discussion
- 1.5K Quality Corner
- 11K Suggestion Box
- 77.4K Archosaur City
- 3.5K Cash Shop Huddle
- 14.3K Server Symposium
- 18.1K Dungeons & Tactics
- 2K The Crafting Nook
- 4.9K Guild Banter
- 6.6K The Trading Post
- 28K Class Discussion
- 1.9K Arigora Colosseum
- 78 TW & Cross Server Battles
- 336 Nation Wars
- 8.2K Off-Topic Discussion
- 3.7K The Fanatics Forum
- 202 Screenshots and Videos
- 22.8K Support Desk